A lot of spambots automatically create new user accounts on Drupal sites then load up the user bio field with spam URLs. Enable the spam module to scan this field as it would any other content type. Ideally, it would not only notify the user and admin, but also block the account until the problem is resolved.

Comments

@Jeremy: I hope you don't mind my moving this issue. This is not really an issue with the filter itself, as it will examine whatever field it is pointed at.

This is an interesting problem. Certainly it's do-able, but far from trivial. First, each site's profile fields will be a bit different. Second, it doesn't address those sites that use the user-as-node solutions, although they might be handled by content type filters. Third, what do you do on sites like one of mine that has a profile field where lists of URLs are invited. Fourth, the profile and user modules are not really good at formatting profile fields for others to look at - in some cases the data isn't even properly placed in the tables for some time after being created.

To do this, one would have to read the profile fields table to find out what fields are available, then require the administrator to select which fields should be examined. Then one would have to use the user and profile hooks to catch the data on the way into the site, both at registration and later at account modification.

Personally, I would suggest that if this is a problem on your site, it would be better for you to use "Admin must approve" on new accounts. How many users are registering per day or week? Is this an egregious workload?

In an upcoming rewrite of the spam module I hope to address this by making the spam filter more generic and available against all Drupal forms. User creation involves filling out a form, and if that form is run through the spam filter abuse could be automatically detected...

Gotcha is unrelated to this issue, please let's not clutter these issues with unrelated discussion -- instead, open a new issue. (Quick answer: Spam 3.x should make it easier for your Gotcha module to do what it does, as a simple spam filter)